CVE-2010-3116

HIGH

Description

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

References

http://code.google.com/p/chromium/issues/detail?id=50515

http://code.google.com/p/chromium/issues/detail?id=51835

http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/41856

http://secunia.com/advisories/42314

http://secunia.com/advisories/43068

http://secunia.com/advisories/43086

http://support.apple.com/kb/HT4455

http://support.apple.com/kb/HT4456

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

http://www.redhat.com/support/errata/RHSA-2011-0177.html

http://www.securityfocus.com/bid/44200

http://www.ubuntu.com/usn/USN-1006-1

http://www.vupen.com/english/advisories/2010/2722

http://www.vupen.com/english/advisories/2010/3046

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2011/0216

http://www.vupen.com/english/advisories/2011/0552

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11909

Details

Source: MITRE

Published: 2010-08-24

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH